2024-06-28 13:17:52 +00:00


{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20202973",
"Version": "oval:org.altlinux.errata:def:20202973",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2020-2973: package `proftpd` update to version 1.3.6-alt0.3.ga73dbfe3b",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2020-2973",
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-2973",
"Source": "ALTPU"
},
{
"RefID": "BDU:2019-04710",
"RefURL": "https://bdu.fstec.ru/vul/2019-04710",
"Source": "BDU"
},
{
"RefID": "CVE-2019-18217",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-18217",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19269",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19269",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19270",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19270",
"Source": "CVE"
}
],
"Description": "This update upgrades proftpd to version 1.3.6-alt0.3.ga73dbfe3b. \nSecurity Fix(es):\n\n * BDU:2019-04710: Уязвимость компонента main.c FTP-сервера ProFTPD, связанная с выполнением цикла с недоступным условием выхода, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2019-18217: ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop.\n\n * CVE-2019-19269: An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.\n\n * CVE-2019-19270: An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken into account, and can allow clients whose certificates have been revoked to proceed with a connection to the server.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2020-10-08"
},
"Updated": {
"Date": "2020-10-08"
},
"BDUs": [
{
"ID": "BDU:2019-04710",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://bdu.fstec.ru/vul/2019-04710",
"Impact": "High",
"Public": "20191021"
}
],
"CVEs": [
{
"ID": "CVE-2019-18217",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-18217",
"Impact": "High",
"Public": "20191021"
},
{
"ID": "CVE-2019-19269",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19269",
"Impact": "Low",
"Public": "20191130"
},
{
"ID": "CVE-2019-19270",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CWE": "CWE-295",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19270",
"Impact": "High",
"Public": "20191126"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20202973001",
"Comment": "proftpd is earlier than 0:1.3.6-alt0.3.ga73dbfe3b"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202973002",
"Comment": "proftpd-control is earlier than 0:1.3.6-alt0.3.ga73dbfe3b"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202973003",
"Comment": "proftpd-devel is earlier than 0:1.3.6-alt0.3.ga73dbfe3b"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202973004",
"Comment": "proftpd-mod_ban is earlier than 0:1.3.6-alt0.3.ga73dbfe3b"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202973005",
"Comment": "proftpd-mod_ctrls_admin is earlier than 0:1.3.6-alt0.3.ga73dbfe3b"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202973006",
"Comment": "proftpd-mod_dynmasq is earlier than 0:1.3.6-alt0.3.ga73dbfe3b"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202973007",
"Comment": "proftpd-mod_exec is earlier than 0:1.3.6-alt0.3.ga73dbfe3b"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202973008",
"Comment": "proftpd-mod_facl is earlier than 0:1.3.6-alt0.3.ga73dbfe3b"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202973009",
"Comment": "proftpd-mod_ifsession is earlier than 0:1.3.6-alt0.3.ga73dbfe3b"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202973010",
"Comment": "proftpd-mod_ldap is earlier than 0:1.3.6-alt0.3.ga73dbfe3b"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202973011",
"Comment": "proftpd-mod_load is earlier than 0:1.3.6-alt0.3.ga73dbfe3b"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202973012",
"Comment": "proftpd-mod_quotatab is earlier than 0:1.3.6-alt0.3.ga73dbfe3b"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202973013",
"Comment": "proftpd-mod_quotatab_file is earlier than 0:1.3.6-alt0.3.ga73dbfe3b"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202973014",
"Comment": "proftpd-mod_quotatab_ldap is earlier than 0:1.3.6-alt0.3.ga73dbfe3b"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202973015",
"Comment": "proftpd-mod_quotatab_sql is earlier than 0:1.3.6-alt0.3.ga73dbfe3b"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202973016",
"Comment": "proftpd-mod_radius is earlier than 0:1.3.6-alt0.3.ga73dbfe3b"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202973017",
"Comment": "proftpd-mod_ratio is earlier than 0:1.3.6-alt0.3.ga73dbfe3b"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202973018",
"Comment": "proftpd-mod_rewrite is earlier than 0:1.3.6-alt0.3.ga73dbfe3b"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202973019",
"Comment": "proftpd-mod_sftp is earlier than 0:1.3.6-alt0.3.ga73dbfe3b"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202973020",
"Comment": "proftpd-mod_sftp_pam is earlier than 0:1.3.6-alt0.3.ga73dbfe3b"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202973021",
"Comment": "proftpd-mod_sftp_sql is earlier than 0:1.3.6-alt0.3.ga73dbfe3b"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202973022",
"Comment": "proftpd-mod_shaper is earlier than 0:1.3.6-alt0.3.ga73dbfe3b"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202973023",
"Comment": "proftpd-mod_site_misc is earlier than 0:1.3.6-alt0.3.ga73dbfe3b"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202973024",
"Comment": "proftpd-mod_sql is earlier than 0:1.3.6-alt0.3.ga73dbfe3b"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202973025",
"Comment": "proftpd-mod_sql_mysql is earlier than 0:1.3.6-alt0.3.ga73dbfe3b"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202973026",
"Comment": "proftpd-mod_sql_passwd is earlier than 0:1.3.6-alt0.3.ga73dbfe3b"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202973027",
"Comment": "proftpd-mod_sql_postgres is earlier than 0:1.3.6-alt0.3.ga73dbfe3b"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202973028",
"Comment": "proftpd-mod_sql_sqlite is earlier than 0:1.3.6-alt0.3.ga73dbfe3b"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202973029",
"Comment": "proftpd-mod_tls is earlier than 0:1.3.6-alt0.3.ga73dbfe3b"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202973030",
"Comment": "proftpd-mod_tls_memcache is earlier than 0:1.3.6-alt0.3.ga73dbfe3b"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202973031",
"Comment": "proftpd-mod_tls_shmcache is earlier than 0:1.3.6-alt0.3.ga73dbfe3b"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202973032",
"Comment": "proftpd-mod_unique_id is earlier than 0:1.3.6-alt0.3.ga73dbfe3b"
}
]
}
]
}
}
]
}